Commit message | Author | Age | Files | Lines
...
* Set a default minimum value for class Int, handle long values better. | Rob Crittenden | 2011-07-19 | 2 | -30/+37
  Allow a long to get as far as the min/max constraints where we can compare it to min/max int values and reject with a proper error message.
  https://fedorahosted.org/freeipa/ticket/1494
* With the external user/group management fixed, correct the unit tests. | Rob Crittenden | 2011-07-20 | 1 | -3/+3
  The unit tests were incorrectly expecting the removed data back when removing external users.
* Correct sudo runasuser and runasgroup attributes in schema | Jr Aquino | 2011-07-19 | 2 | -0/+41
  https://fedorahosted.org/freeipa/ticket/1309
* Correct behavior for sudorunasgroup vs sudorunasuser | Jr Aquino | 2011-07-19 | 2 | -0/+3
  https://fedorahosted.org/freeipa/ticket/1309
* Fix regression when calculating external groups. | Rob Crittenden | 2011-07-19 | 1 | -1/+1
  The members should be the current members of the entry, not the refreshed copy
* Fix sssd.conf to always have IPA certificate for the domain. | Alexander Bokovoy | 2011-07-18 | 1 | -0/+6
  Fixes https://fedorahosted.org/freeipa/ticket/1476
  SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
  Note that SSSD will force StartTLS because the channel is later used for authentication as well if password migration is enabled. Thus set the option unconditionally.
* Don't set krbLastPwdChange when setting a host OTP password. | Rob Crittenden | 2011-07-18 | 3 | -37/+70
  We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the host is considered already joined. This was getting set when an OTP was added to a host that had already been enrolled (e.g. you enroll a host, unenroll it, set an OTP, then try to re-enroll). The second enrollment was failing because the enrollment plugin thought it was still enrolled because krbLastPwdChange was set.
  https://fedorahosted.org/freeipa/ticket/1357
* A removed external host is shown in output when removing external hosts. | Rob Crittenden | 2011-07-18 | 1 | -3/+3
  This is just a display problem, the host is actually removed from the entry.
  https://fedorahosted.org/freeipa/ticket/1492
* Fix sudorule-remove-user | Martin Kosek | 2011-07-19 | 1 | -2/+2
  Removed sudorule "External User" is displayed in the output when "--all" switch is used.
  https://fedorahosted.org/freeipa/ticket/1489
* Don't delete NIS netgroup compat suffix on 'ipa-nis-manage disable'. | Jan Cholasta | 2011-07-19 | 1 | -15/+0
  ticket 1469
* Optionally wait for 389-ds postop plugins to complete | Rob Crittenden | 2011-07-19 | 13 | -3/+120
  Add a new command that lets you wait for an attribute to appear in a value. Using this you can do things like wait for a managed entry to be created, adding a new objectclass to the parent entry. This is controlled by a new boolean option, wait_for_attr, defaulting to False.
  https://fedorahosted.org/freeipa/ticket/1144
* Clean up of IP address checks in install scripts. | Jan Cholasta | 2011-07-19 | 4 | -38/+13
  Fixes ipa-dns-install incorrect warning.
  ticket 1486
* 35 remove escapes from the cvs parser in ipaserver/install/ldapupdate | Jr Aquino | 2011-07-19 | 1 | -2/+1
  https://fedorahosted.org/freeipa/ticket/1472
* Change client enrollment principal prompt to hopefully be clearer. | Rob Crittenden | 2011-07-19 | 1 | -1/+1
  ticket https://fedorahosted.org/freeipa/ticket/1449
* Rearrange logging for NSCD daemon. | Alexander Bokovoy | 2011-07-18 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/1373
  When SSSD is in use, we are actually trying to disable NSCD daemon. Telling that we failed to configure automatic _startup_ of the NSCD is wrong then.
* Return correct "RunAs External Group" when removing members | Jr Aquino | 2011-07-18 | 1 | -4/+4
  If you used sudorule-remove-runasgroup to remove a member that member still appeared in the command output when --all was included (it isn't a default attribute). This was due to post-processing to evaluate external users/groups, the entry was actually updated properly.
  https://fedorahosted.org/freeipa/ticket/1348
* Specify the package name when the replication plugin is missing. | Rob Crittenden | 2011-07-18 | 1 | -1/+2
  ticket https://fedorahosted.org/freeipa/ticket/1155
* Fixed host details fields. | Endi S. Dewata | 2011-07-18 | 1 | -11/+11
  The host details facet has been fixed to remove a redundant field and include some missing fields.
  Ticket #1484
* Removed reverse zones from host adder dialog. | Endi S. Dewata | 2011-07-18 | 2 | -9/+31
  The host adder dialog has been modified to specify the new flag for retrieving the forward zones only.
  Ticket #1458
* Entity select widget improvements | Endi S. Dewata | 2011-07-18 | 18 | -297/+453
  The IPA.entity_select_widget has been modified into a searchable and editable drop down list. The base functionality has been extracted into IPA.combobox_widget.
  Ticket #1361
* Update minimum required version of python-netaddr. | Jan Cholasta | 2011-07-17 | 1 | -0/+8
  ticket 1288
* Generate a database password by default in all cases. | Rob Crittenden | 2011-07-17 | 2 | -2/+2
  If the password passed in when creating a NSS certificate database is None then a random password is generated. If it is empty ('') then an empty password is set. Because of this the HTTP instance on replicas was created with an empty password.
  https://fedorahosted.org/freeipa/ticket/1407
* Set the ipa-modrdn plugin precedence to 60 so it runs last | Rob Crittenden | 2011-07-17 | 2 | -0/+6
  The default precedence for plugins is 50 and they run in more or less alphabetical order (but not guaranteed). This plugin needs to run after the others have already done their work.
  https://fedorahosted.org/freeipa/ticket/1370
* Set nickname of the RA to 'IPA RA' to avoid confusion with dogtag RA | Rob Crittenden | 2011-07-17 | 1 | -2/+2
  The old nickname was 'RA Subsystem' and this may confuse some users with the dogtag RA subsystem which we do not use. This will only affect new installs. Existing installations will continue to work fine.
  https://fedorahosted.org/freeipa/ticket/1236
* Fix failing tests due to object name changes | Rob Crittenden | 2011-07-17 | 2 | -8/+8
  Some object names had spaces in them which was bad, update the tests to reflect the new names.
* Create tool to manage dogtag replication agreements | Rob Crittenden | 2011-07-17 | 7 | -30/+620
  For the most part the existing replication code worked with the following exceptions:
  - Added more port options
  - It assumed that initial connections were done to an SSL port. Added ability to use startTLS
  - It assumed that the name of the agreement was the same on both sides. In dogtag one is marked as master and one as clone. A new option is added, master, that determines which side we're working on or None if it isn't a dogtag agreement.
  - Don't set the attribute exclude list on dogtag agreements
  - dogtag doesn't set a schedule by default (which is actually recommended by 389-ds). This causes problems when doing a force-sync though so if one is done we set a schedule to run all the time. Otherwise the temporary schedule can't be removed (LDAP operations error).
  https://fedorahosted.org/freeipa/ticket/1250
* Use information from the certificate subject when setting the NSS nickname. | Rob Crittenden | 2011-07-17 | 4 | -21/+57
  There were a few places in the code where certs were loaded from a PKCS#7 file or a chain in a PEM file. The certificates got very generic nicknames. We can instead pull the subject from the certificate and use that as the nickname.
  https://fedorahosted.org/freeipa/ticket/1141
* Validate that the certificate subject base is in valid DN format. | Rob Crittenden | 2011-07-17 | 1 | -1/+26
  https://fedorahosted.org/freeipa/ticket/1176
* Improve long integer type validation | Martin Kosek | 2011-07-18 | 1 | -0/+24
  Passing a number of "long" type to IPA Int parameter invokes user-unfriendly error message about incompatible types. This patch improves Int parameter with user understandable message along with maximum value he can pass.
  https://fedorahosted.org/freeipa/ticket/1346
* Fix typo in ipa-replica-prepare | Martin Kosek | 2011-07-18 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/1327
  https://fedorahosted.org/freeipa/ticket/1347
* Add new dnszone-find test | Martin Kosek | 2011-07-18 | 2 | -1/+83
  Implement a test for new dnszone-find option --forward-only. Fix example for reverse zone (zone was not fully qualified and DNS plugin would forbid adding PTR records).
  https://fedorahosted.org/freeipa/ticket/1473
* Check IPA configuration in install tools | Martin Kosek | 2011-07-18 | 8 | -11/+58
  Install tools may fail with unexpected error when IPA server is not installed on a system. Improve user experience by implementing a check to affected tools.
  https://fedorahosted.org/freeipa/ticket/1327
  https://fedorahosted.org/freeipa/ticket/1347
* Fix exit status of ipa-nis-manage enable. | Jan Cholasta | 2011-07-15 | 1 | -8/+5
  ticket 1247
* Add ability to specify DNS reverse zone name by IP network address. | Jan Cholasta | 2011-07-15 | 5 | -12/+76
  In order for this to work, chaining of parameters through default_from is made possible.
  ticket 1474
* Fix self-signed replica installation | Martin Kosek | 2011-07-14 | 2 | -2/+6
  When a replica for self-signed server is being installed, the installer crashes with "Not a dogtag CA installation". Make sure that installation is handled correctly for both dogtag and self-signed replicas.
  https://fedorahosted.org/freeipa/ticket/1479
* Fix ipa-dns-install | Martin Kosek | 2011-07-15 | 1 | -19/+13
  When DNS plugin is installed via ipa-dns-install and user has a valid Kerberos ticket at the time, the DNS installation is corrupt and named won't start, reporting Preauthentication error. When the non-DM identity is used for authentication, krbprincipalkey attribute in DNS service LDAP record is not created, thus leading to the error. This patch makes sure that authentication with Directory Manager password is used every time.
  https://fedorahosted.org/freeipa/ticket/1483
* Fix creation of reverse DNS zones. | Jan Cholasta | 2011-07-15 | 9 | -124/+196
  Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option. Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones. The reverse DNS zone name is printed to the user during the install.
  ticket 1398
* Configure SSSD to store user password if offline. | Jan Cholasta | 2011-07-14 | 2 | -0/+7
  ticket 1359
* Remove the ability to create new HBAC deny rules. | Rob Crittenden | 2011-07-14 | 3 | -5/+36
  New rules will all be allow type. Existing rules cannot be changed to deny. The type attribute now defaults to allow with autofill so it won't be prompted in interactive mode in the cli.
  https://fedorahosted.org/freeipa/ticket/1432
* In sudo labels we should use RunAs and not Run As. | Rob Crittenden | 2011-07-14 | 2 | -12/+12
  https://fedorahosted.org/freeipa/ticket/1328
* Document registering to an entitlement server with a UUID as not implemented. | Rob Crittenden | 2011-07-14 | 1 | -1/+4
  It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm.
  https://fedorahosted.org/freeipa/ticket/1216
* Disallow direct modifications to enrolledBy. | Rob Crittenden | 2011-07-14 | 6 | -27/+33
  This fixes a regression. We don't need to allow enrolledBy to be modified because it gets written in the ipa_enrollment plugin which does internal operations so bypasses acis.
  https://fedorahosted.org/freeipa/ticket/302
* Fixed label capitalization | Endi S. Dewata | 2011-07-14 | 33 | -87/+333
  The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization.
  Ticket #1424
* dnsrecord-mod ui | Adam Young | 2011-07-13 | 14 | -497/+498
  Brings the DNS record infrastructure in line with the other entities. Uses widgets, nested search, and a little bit of overloading for dns specific behavior The records now have their own page. simplified link widget and use for dns links work for nested entities. change the field in the link widget to other_entity to avoid name collision. unit test for entity link. fixed reference to entity for getting pkeys work around lack of setattr for dns record mod. update wasn't deducing locked_field type correctly. don't overwrite param_info in init data is required on adder dialog delete works for multiple records use show instead of find for entity_link_widget.
  https://fedorahosted.org/freeipa/ticket/1038
  https://fedorahosted.org/freeipa/ticket/1448
  https://fedorahosted.org/freeipa/ticket/577
  https://fedorahosted.org/freeipa/ticket/1460
* remove HBAC warning from static UI | Adam Young | 2011-07-13 | 1 | -44/+47
* Remove sensitive information from logs | Martin Kosek | 2011-07-13 | 2 | -11/+11
  When -w/--password option is passed to ipa-replica-install it is printed to ipareplica-install.log. Make sure that the value of this option is hidden.
  https://fedorahosted.org/freeipa/ticket/1378
* Filter reverse zones in dnszone-find | Martin Kosek | 2011-07-13 | 4 | -13/+50
  Implements a new option to filter out reverse zones. This patch also does some clean up in dns plugin - debug prints were accidentally left here in the last dns patch.
  https://fedorahosted.org/freeipa/ticket/1471
* Convert nsaccountlock to always work as bool towards Python code | Alexander Bokovoy | 2011-07-13 | 7 | -40/+52
  https://fedorahosted.org/freeipa/ticket/1259
  Python code will see nsaccountlock as bool. JavaScript code will also see it as bool. This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
* Reset failed login count to 0 when admin resets password. | Rob Crittenden | 2011-07-13 | 1 | -0/+6
  https://fedorahosted.org/freeipa/ticket/1441
* Fixed object_name and object_name_plural internationalization | Endi S. Dewata | 2011-07-12 | 28 | -206/+206
  The object_name, object_name_plural and messages that use these attributes have been converted to support translation. The label attribute in the Param class has been modified to accept unicode string.
  Ticket #1435